LeoDavidson said:
wastingtimewithforums said:
*snip*

[EDIT: I was wrong about Flash/PDF within protected-mode IE. See reply on 8th page.]

It's also worth noting that both Flash and Adobe Reader run within medium-IL proxy processes even when used with low-IL Internet Explorer. We all wish they didn't, and wish more things supported low-IL, but we still live in a reality where that isn't the case. Low-IL is the exception, not the rule. There are still plenty of "innocent" actions, like visiting a webpage in an up-to-date low-IL browser or double-clicking what you think is a static image or document file, which can result in malicious code being run.

It doesn't have to be a "dodgy" webpage or file, either. There have been several cases this year alone where non-malicious sites and advertising networks have been hijacked by bad people to deliver malicious content to unsuspecting users.

UAC isn't only about malicious code, obviously, but it's pretty useful at slowing it down and/or limiting how deeply it can embed itself in the system itself. I'd say that's the primary benefit of the prompts for admin accounts. (Even though UAC isn't a security boundary, it is still a security feature.)

If you remove that benefit then what's left? Just the idea of making apps which show too many prompts annoy admin users with the misguided idea that it'll be more likely to make people push for those apps to be redesigned than for those people to simply turn off UAC if it bothers them... A pretty rich idea, too, considering Microsoft's apps (when their private backdoor is taken away) were and still are the worst offenders when it comes to this.

Correction to what I said a few pages back. This was wrong:

It's also worth noting that both Flash and Adobe Reader run within medium-IL proxy processes even when used with low-IL Internet Explorer.

With protected-mode (low-IL) IE, in-browser PDF do run at low-IL. The broker processes are just there to handle the Save-As dialogs apparently. The same seems to be true for Flash, at least judging by which process (IE not the broker) uses CPU when animations are playing.

There's a good, detailed comment pointing out my mistake here:

http://www.istartedsomething.com/20090613/windows-7-uac-code-injection-vulnerability-video-demonstration-source-code-released/comment-page-2/#comment-75924

So if you use protected-mode IE (and possibly Chrome) then you shouldn't have to worry about RCEs in Flash/Reader breaking out of the browser and gaining full admin rights.

(It's still an issue if you use Firefox etc., and RCEs/buffer-overflows can still affect lots of other programs and media/document file types, including Adobe Reader when used outside of IE. This doesn't mean RCEs are not a problem but it I was completely wrong about Adobe Reader and Flash within protected-mode IE!)